Two privacy bills were presented in relation to the COVID-19 contact tracing apps which Congress is currently considering. Republican and Democratic lawmakers introduced contending bills that have several common ground and hope to accomplish the same objectives.

Under the bill, it is illegal to collect personal health data, proximity data, device information, and geolocation data except if notice was provided to consumers regarding the intent of collecting the data and consumers need to provide their authorization to the collection, use, and transmission of their info. The bill forbids the collection, processing, or transfer of information for any secondary objectives.

The permitted purpose for the collection, use, and transmission of information is restricted to monitoring the spread, and symptoms of COVID-19; measuring compliance with social distancing and other requirements associated to COVID-19 enforced on people; and for COVID-19 contact tracing needs.

The bill additionally necessitates companies to permit people to opt-out, give transparency reports explaining data collection actions; set up data minimization and data security prerequisites; specify what makes up aggregate and de-identified information to make sure companies follow specified technical and legal safety measures to avoid re-identification; and delete collected information after the COVID-19 public health emergency is resolved.

Senator Thune said that this bill hits the right balance of using technology to develop systems that could trace the virus and flatten the curve while maintaining privacy security for U.S. citizens.

Representatives Anna G. Eshoo (D-Calif), Suzan DelBene(D-Wash), Jan Schakowsky (D-Ill), and Senators Richard Blumenthal (D-Conn) and Mark Warner (D-Va) introduced the Democratic bill the Public Health Emergency Privacy Act. The goal of the bill is to make sure there is transparency when it comes to the health and location information collected by contact-tracing apps and to provide Americans control on the collection and processing of their information. The bill furthermore makes certain that businesses are held accountable when consumers data is employed for activities not related to the fight against the COVID-19 virus.

The bill demands that health data be used only for public health uses; it forbids using health information for discriminatory, irrelevant, or invasive purposes, such as commercial marketing or to gate access to work, finance, insurance, education or housing opportunities; it inhibits data misuse by government organizations that do not have any role in public health; it makes sure meaningful data security and implementation of data integrity protections; it forbids conditioning the right to vote depending on a health condition or using contact tracing apps; and it requires producing regular reports on the effect on civil rights of digital collection tools.

The bill calls for the public to have control regarding their participation in contact tracing by means of opt-in consent, there should be meaningful transparency, and solid private and public observance. The bill additionally requires the destruction of information within 60 days from the conclusion of the public health emergency. The bill is not applicable to HIPAA-covered entities or their business associates, which need to continue compliance with HIPAA Rules.

Rep. Jan Schakowsky said that because of the COVID-19 crisis, the most important public health response should be testing and manual contact tracing. Using digital contact tracing can help but consumers need to have clearly-outlined privacy rights and solid enforcement to protect these rights.

Considering the likeness of the two bills, it may be likely to reach a consensus on the content of any new legislation and for the two sides to come together and get a bill approved to secure the personal privacy of Americans and make sure that information gathered by COVID-19 contact tracing apps is not abused.